Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

Glossy WordPress - Reflected XSS

Glossy WordPress plugin v2.3.5 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to click a malicious link. id: CVE-2024-13325 info: name: Glossy WordPress -...

Duplicate Page WordPress - Stored Cross-Site Scripting

Duplicate Page WordPress plugin = 4.4.2 contains a stored cross-site scripting caused by unsanitized Duplicate Post Suffix settings in output, letting high privilege users execute malicious scripts, exploit requires high privilege user role. id: CVE-2021-24681 info: name: Duplicate Page WordPress...

CVE-2026-33392

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass...

CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

EUVD-2026-10461

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

PT-2026-24163

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability...

Infoblox NIOS 安全漏洞

Infoblox NIOS is a system developed by the American company Infoblox, used for managing and automating network devices and services. It is utilized to automate the configuration and management of networks, ensuring stable network operation. The Infoblox NIOS 9.0.7 and earlier versions have securi...

CVE-2025-61879

In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism...

UBUNTU-CVE-2026-21984

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2025-5965

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...

CVE-2025-5965

Centreon Infra Monitoring is affected by an OS Command Injection in the backup configuration when a high-privilege user appends custom instructions. The root cause is improper neutralization of special elements used in OS commands. Affected versions include Infra Monitoring 25.10.0–25.10.1 (befor...

CVE-2025-5965 RCE via the backup feature available only to user with high privilege

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Backup configuration in the administration setup...

CVE-2025-42895

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVE-2025-22170

Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they included a particular state-related parameter of a user with sufficient privileges to perform the action...

CVE-2025-5946

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Poller reload setup in the configuration modules allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom...

CVE-2025-5946

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Centreon Infra Monitoring Poller reload setup in the configuration modules allows OS Command Injection. On the poller parameters page, a user with high privilege is able to concatenate custom...

PT-2025-41936

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 23.10.0 through 23.10.28 Centreon Infra Monitoring versions 24.04.0 through 24.04.18 Centreon Infra Monitoring versions 24.10.0 through 24.10.13 Description A flaw exists in Centreon Infra Monitoring related ...

EUVD-2021-11168

Malware in sbrugna...